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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments, filed on 04/20/2009 with respect to claims 1-9 and 13-20 
in the remarks, have been considered but are moot in view of the new ground(s) of 
rejection. 



Claim Rejections - 35 USC $103 



2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented 
and the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of the claims under 35 
U.S.C. 1 03(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time 
any inventions covered therein were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was not commonly owned at the 
time a later invention was made in order for the examiner to consider the applicability of 35 U.S.C. 1 03(c) and 
potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a). 



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 USPQ 459 (1966), that are applied for establishing a 
background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 



Claims 1-9 and 13-20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Deshpande et al. (U.S 20020176579 A1), (hereinafter Deshpande) in view of 
Barriga-Caceres et al., (US 20030163733), (hereinafter Barriga) and further in view 
of Kennedy et al., (US 6,084,967), (hereinafter, Kennedy). 
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Regarding claims 1, 7 and 13, Deshpande discloses a network access 
system/program comprising: 

a network access hub (= hotspot access point 20 or 30, see Fig. 1 ) 
communicatively coupled to a global communications network (= hotspot service 
provider network; and any other connected networks such as internet, see [0019]) and 
the network access hub (= access point 20 or 30) communicatively connectable to a 
computing device (= mobile wireless device 40, see [0020] and Fig. 1) the network 
access hub operable to receive an initial set of credentials from a user via the 
computing device (= user is required to provide identification such as user name, 
password or IMSI, see [0025-26]); 

an authentication engine (= user is authorized via authentication server 50 for 
access to the hotspot service provider's services, see [0025]) communicatively coupled 
to the network access hub via and the global communications network; and 
authentication engine operable to receive the initial set of credentials of the user from 
the network access hub and operable to authenticate the initial set of credentials and an 
authorization engine (= user is authorized via authentication server 50 for access to the 
hotspot service provider's services, see [0025]),operable to issue the computing device 
a grant of access rights (= access privileges, see [0022]) to both transport service 
(= user may registers with access point; and makes high bandwidth connection to 
internet, see [0020-21]) and federated data services of federated data service providers 
(= user may accept e-mail and other services once authorized; and authorization with 
another access point will not require the user to supply identification and/or 
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authentication information for access to services, see [0022, 0025 and 0034]) via the 
global communications network and the network access hub in response to the 
authentication of the initial set of credentials (= user is authorized via authentication 
server 50 for access to the hotspot service provider's services, see [0025]), authorize 
access of the user to both the transport services and the federated data services of the 
federated data service without the user having to provide the initial set of credentials to 
re- authenticate with the federated service providers (= authorization with another 
access point will not require the user to supply identification and/or authentication 
information for access to services, see [0025 and 0034]; wherein the user connection to 
the access point and internet, is being associated with "transport service"; and the 
user's authorization to access hotspot service provider's services via another access 
point without the supply of user identification, is being associated with the "federated 
service"). 

Although Deshpande mentions access privileges upon authorization; and the 
user's authorization to access hotspot service provider's services via another access 
point without the supply of user identification (see [0022 and 0025]), Deshpande 
explicitly fails to mention " third party federated data service providers" and a "token". 

Barriga, which is an analogous art, mentions a system that includes Federation 
of Service Providers; a Single Sign-on Services (SSO) for subscribers of Federation of 
Mobile Network Operator; users having the advantage of the SSO service can access 
any service at any Service Provider (SP) within the reference model agreement; the 
Mobile Network Operators (MNO) may obtain revenues by offering SSO services, in 
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particular authentication and authorization, to third parties; and authentication and 
authorization via AAA server 44 (see [0003, 0010-1 1 , 0017 0022-25, 0044 and 0100- 
0101]). Barriga also teaches digital certificates, token, cookies and artifact that include 
user authentication identity (see, [0007, 0020, 0066-70, 0103 and 0106-108]; whereby 
the digital certificates, token, cookies and artifact are an example of the "token"). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande for the benefit of 
achieving a federated single sign-on network (see Barriga, [0025]). 

The combination of Deshpande and Barriga fails to mention that " the initial set 
of credentials includes biometric user information". 

However, Kennedy, which is an analogous art, equivalent^ teaches " the initial 
set of credentials includes biometric user information" (= biometric of a person is used to 
verify or authenticate identification of system user, see col. 1 , lines 34-42; and col. 2, 
line 55- col. 3, line 6). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Kennedy in the system of Deshpande and Barriga for the 
benefit of achieving a communication network that uses biometric information of user for 
authentication purposes. 

Regarding claim 2, as recited in claim 1 , Deshpande further discloses that the system 
further comprising a short-range wireless transceiver associated with the first network 
access hub (see, [0002 and 0020]). 
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Regarding claim 3, as recited in claim 2, Deshpande further discloses the system, 
wherein the transport services comprise wireless communication via a wireless local 
area network technology link (see, [0021]). 

Regarding claim 4, as recited in claim 3, Deshpande further discloses the system, 
wherein the data services comprise a service that provides personalized information 
based on an identity of the user (see, [0025-26]). 

Regarding claim 5, as recited in claim 4, Deshpande discloses the system, wherein the 
federated data services (= upon authentication, handshaking with another access point 
will not require the user to supply identification and/or authentication information for 
access to services, see [0019, 0025 and 0034]); but the combination of Deshpande and 
Kennedy fails to mention that the federated system includes first federated data service 
provided by a first third party federated service provider, and a second third party 
federated data service provided by a second federated service provider. 

However, Barriga, which is an analogous art, mentions the federated system 
includes first federated data service provided by a first third party federated service 
provider, and a second third party federated data service provided by a second 
federated service provider (= system that includes Federation of Service Providers; a 
Single Sign-on Services (SSO) for subscribers of Federation of Mobile Network 
Operator; users having the advantage of the SSO service can access any service at 
any Service Provider (SP) within the reference model agreement; the Mobile Network 
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Operators (MNO) may obtain revenues by offering SSO services, in particular 
authentication and authorization, to third parties; and authentication and authorization 
via AAA server 44 (see [0003, 001 0-1 1 , 001 7, 0022-25, 0044 and 01 00-01 01 ]). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 6, as recited in claim 5, the combination of Deshpande and Kennedy 
explicitly fails to disclose that the system, further comprising "a federation engine 
operable to maintain information that indicates members of a service provider 
federation, the service provider federation comprising the first third party federated 
service provider and the second third party federated service provider". 

However, Barriga teaches "a federation engine operable to maintain information 
that indicates members of a service provider federation, the service provider federation 
comprising the first third party federated service provider and the second third party 
federated service provider" (see, [0009-11, 0019, 0022-25, 0028, 0044 and 0066-70]). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 8, as recited in claim 7, Deshpande discloses that the method further 
comprising: receiving a request for access to the federated network data service from 
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an electronic device (see, [0025 and 0034]); prompting the electronic device to send the 
first set of credentials (= PIN, password) (see, [0020 and 0025]). 

Regarding claim 9, as recited in claim 8, Deshpande discloses that the method further 
comprising: receiving a subsequent request for access to a second federated network 
data service of a second federated data service provider from the electronic device; and 
authorizing access to the second federated network data service of the second 
federated data service provider in response to the subsequent request without the user 
having to provide the initial set of credentials to re-authenticate with the second 
federated service provider (= upon authentication and authorization, handshaking with 
another access point will not require the user to supply identification and/or 
authentication information for access to services, see [0019, 0025 and 0034]); but the 
combination of Deshpande and Kennedy fails to mention "requesting that the electronic 
device cache the token and recognizing an existence of the token at the electronic 
device" and " third party federated data service providers". 

Barriga, which is an analogous art, mentions a system that includes Federation 
of Service Providers; a Single Sign-on Services (SSO) for subscribers of Federation of 
Mobile Network Operator; users having the advantage of the SSO service can access 
any service at any Service Provider (SP) within the reference model agreement; the 
Mobile Network Operators (MNO) may obtain revenues by offering SSO services, in 
particular authentication and authorization, to third parties; and authentication and 
authorization via AAA server 44 (see [0003, 001 0-1 1 , 001 7 0022-25, 0044 and 01 00- 
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0101]). Barriga also teaches digital certificates, token, cookies and artifact that include 
user authentication identity (see, [0007, 0020, 0066-70, 0103 and 0106-108]; whereby 
the digital certificates, token, cookies and artifact are an example of the "token"). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 14, as recited in claim 13, Deshpande mentions access privileges 
upon authorization (see [0022]), however, the combination of Deshpande and Kennedy 
explicitly fails to mention the system wherein the electronic device includes a cache 
operable to store the token. 

Barriga, which is an analogous art, mentions a system that includes Single Sign- 
on Services (SSO) for subscribers of Federation of Mobile Network Operator and 
authentication and authorization via AAA server 44 (see [0003, 001 0-1 1 , 001 7 0022-25 
0044 and 0100-0101]). Barriga also teaches digital certificates, token and artifact (see, 
[0007, 0020, 0066-70 and 0106-08]). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 15, as recited in claim 13, Deshpande discloses access rights to both 
transport services and data services at a second hotspot of the plurality of hotspots 
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(= access privileges, see Pars. [0022, 0025, 0034, 0037 and 042-43]); but the 
combination of Deshpande and Kennedy fails to mention a token. 

Barriga, which is an analogous art, mentions a system that includes Single Sign- 
on Services (SSO) for subscribers of Federation of Mobile Network Operator and 
authentication and authorization via AAA server 44 (see [0003, 001 0-1 1 , 001 7 0022-25 
0044 and 0100-0101]). Barriga also teaches digital certificates, token and artifact (see, 
[0007, 0020, 0066-70 and 0106-08]). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 16, as recited in claim 13, Deshpande discloses that the system, 
further comprising: an authentication engine communicatively coupled to the broad 
communications network and operable to receive an initial set of credentials from a 
user, the authentication engine (= authorization and authentication, see [0019 and 
0024-25]) further operable to compare the initial set of credentials against a maintained 
set of credentials and to output a valid signal indicating that the user is a valid user 
(see , [0022, 0024-25 and 0034]); but the combination of Deshpande and Kennedy fails 
to mention and a "federation engine operable to initiate a sharing of information 
associated with the valid user with a first third party federated data service provider". 
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However, Barriga teaches "federation engine operable to initiate a sharing of 
information associated with the valid user with a first third party federated data service 
provider" (see Pars. 0009-1 1, 0022-25, 00280047-48 and 0066-70). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, Par. 0025). 

Regarding claim 17, as recited in claim 13, Deshpande discloses that the system, 
further comprising: 

an authentication engine communicatively coupled to the broad communications 
network and operable to output a valid signal indicating that a user requesting access is 
a valid user and entitled to transport and data service access (see, [0019, 0025, 0034 
and 0037]); but the combination of Deshpande and Kennedy fails to teach "a federation 
engine operable to initiate a sharing of at least a portion of a valid user information with 
a first third party federated data service provider, the valid user information to facilitate 
access to a federated data service without additional sign on operations by the user 
requesting access". 

However, Barriga teaches "a federation engine operable to initiate a sharing of 
at least a portion of a valid user information with a first third party federated data service 
provider, the valid user information to facilitate access to a federated data service 
without additional sign on operations by the user requesting access" (see, [0009-1 1 , 
0022-25, 00280047-48 and 0066-70]). 
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It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, [0025]). 

Regarding claim 18, as recited in claim 13, Deshpande discloses the system, wherein 
the data service comprises a unified messaging mailbox (see, [0019 and 0041]). 

Regarding claim 19, as recited in claim 13, Deshpande discloses the system, wherein 
the transport service comprises access to the broad communication network via at 
least the first hotspot of the plurality of hotspots (see, [0019, 0025 and 0034] and Fig. 
2)- 

Regarding claim 20, as recited in claim 19, Deshpande discloses that the system, 
further comprising: 

an authentication engine communicatively coupled to the broad communications 
network and operable to output a valid signal indicating that a user requesting access is 
a valid user and entitled to transport and data service access (0037); but the 
combination of Deshpande and Kennedy fails to teach "a federation engine operable to 
initiate a sharing of at least a portion of valid user information with a first third party 
federated data service provider, the valid user information operable to facilitate access 
to a federated data service without additional sign on operations by the user requesting 
access". 
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However, Barriga teaches "a federation engine operable to initiate a sharing of 
at least a portion of valid user information with a first third party federated data service 
provider, the valid user information operable to facilitate access to a federated data 
service without additional sign on operations by the user requesting access" (= single 
sign-on and federation, see Pars. 0009-1 1 , 0022-25, 00280047-48 and 0066-70). 

It would therefore have been obvious to one of the ordinary skill in the art to 
combine the teaching of Barriga with the system of Deshpande and Kennedy for the 
benefit of achieving a federated single sign-on network (see Barriga, Par. 0025). 

CONCLUSION 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See attached form PTO-892 for cited references and the prior art 
made of record. 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references applied to the claims above for the convenience of the applicant. Although 
the specified citations are representative of the teachings of the art and are applied to 
specific limitations within the individual claim, other passages and figures may apply as 
well. It is respectfully requested from the applicant in preparing responses, to fully 
consider the references in entirety as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior art or disclosed 
by the Examiner. SEE MPEP 2141 .02 [R-5] VI. PRIOR ART MUST BE 
CONSIDERED IN ITS ENTIRETY, INCLUDING DISCLOSURES THAT TEACH AWAY 
FROM THE CLAIMS: A prior art reference must be considered in its entirety, i.e., as a 
whole, including portions that would lead away from the claimed invention. W.L. Gore & 
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Associates, Inc. v. Garlock, Inc., 721 F.2d 1540, 220 USPQ 303 (Fed. Cir. 1983), cert, 
denied, 469 U.S. 851 (1 984) In re Fulton, 391 F.3d 1 1 95, 1 201 , 73 USPQ2d 1 1 41 , 1 1 46 
(Fed. Cir. 2004). >See also MPEP §2123. 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
33the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kwasi Karikari whose telephone number is 571-272- 
8566. The examiner can normally be reached on M-T (9am - 7pm). 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Charles Appiah can be reached on 571-272-7904. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8566. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. 
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For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

/Kwasi Karikari/ 

Patent Examiner: Art Unit 2617. 



/Charles N. Appiah/ 

Supervisory Patent Examiner, Art Unit 2617 



